Recent Posts
- ICANN publishes its Woke Manifesto. Here’s my hot take
- Alibaba, Name.com among new RDRS opt-ins
- The Swiss can register .swiss domains from next week
- .ai up to 425,000 domains
- A million “free” .music domains up for grabs
- D3 to get $5 million in crypto to apply for .ape gTLD
- Alibaba hit with ICANN breach notice
- New Vegas conference “Davos for Web3 interoperability”
- ICANN content policing power grab may be dead
- Cable company unplugs its dot-brand after acquisition
- Germany crosses 10,000 dot-brand domains milestone
- Founders out as Com Laude gets equity injection
- PIR’s Diaz to leave domain industry
- Some registrars have already quit ICANN’s Whois experiment
- ICANN opens $217 million Grant Program
- Internet could get one-letter gTLDs (but there’s a catch)
- .ai registry fights deadbeats with tweaked auction rules
- Amazon and Google among .internal TLD ban backers
- .ai registry advises buyers not to use GoDaddy
- .post liberalizes with new sunrise period
- Team Internet spends $41 million on content farm
- Epik backtracks on Kiwi Farms claim after legal threat
- .austin names launch on blockchain
- Freenom shuts down 12.6 million domains — report
- GoDaddy’s next .xxx contract may not be a done deal
- GlobalBlock blocking 2.5 million domains
- Microsoft moving its cloud apps from .com to .microsoft
- ICANN 79: anonymous trolls and undercover lawyers
- ICANN scores win in single-letter .com lawsuit
- Cosmetics brand terminates its gTLD
- Up to 70 jobs on the line at Nominet as .uk regs dwindle
- Governments back down on new gTLD next round delay
- Private auctions could be banned in new gTLD next round
- ICANN meeting venue “insensitive and hurtful”
- GoDaddy to start selling graphic.design domains
- GAC spinning up new gTLD curveball at ICANN 79?
- GoDaddy’s GlobalBlock supports blockchain names
- Police .uk domain takedowns dive in 2023
- GoDaddy wants to cut the bullshit from .xxx
- Dueling domain blocking services to launch at ICANN 79
- Freename tries to bridge DNS and blockchain
- Olive retires from ICANN
- Whois policy published without life-saving disclosure rule
- UK gov takes its lead from ICANN on DNS abuse
- Tucows reports 2023 results
- Twitter “completely unresponsive” on clickable domains
- ICANN spends $5 million more than planned in first fiscal half
- .art takes a million domains off its premium list
- KeyTrap ‘the most devastating vulnerability ever found in DNSSEC’
- Freenom settles $500 million Meta lawsuit and will exit domain business
- New gTLD lottery to return in 2026
- First GlobalBlock prices revealed — they ain’t cheap
- Domain universe grows on new gTLDs despite .com shrinkage
- D3 signs up crypto gTLD client number five
- GoDaddy reports strong domains growth
- How to qualify for a $40,000 gTLD
- Registry service provider evaluation handbook published
- WebUnited inks deal to “mirror” country’s TLD in the blockchain
- GoDaddy project unveils brand-blocking calculator
- Report: Monster “misappropriated” millions from Epik
- .com is shrinking but Verisign raises prices again anyway
- D3 announces fourth crypto new gTLD client
- Donald Trump loses second UDRP case
- UK cybersquatting complaints hit record low
- No excuses! PIR to pay for ALL registries to tackle child abuse
- ICANN insists it is working on linkification
- Namecheap sues ICANN over .org price caps
- GoDaddy offers free Ethereum blockchain integration
- Epik reveals who is running the company
- Epik gets acquired again! The plot thickens…
- Airline gTLD crashes and burns
- First chunks of new gTLD Applicant Guidebook drop
- Epik to reveal its owners soon
- Another crypto firm to apply for a new gTLD
- Monster and Royce are NOT involved in Epik?!
- Nominet to overhaul .uk registry, turn off some services
- Russia blames DNSSEC, not Ukraine, for internet downtime
- Team Internet says revenue beat estimates
- Sold for over $20k, insure.ai and dog.ai back in .ai’s expired names auction
- .ai helps UDRP cases rise in 2023, WIPO says
- Freenom’s domains land at Gandi after termination
- .ru domains fly off the shelf as Western sanctions bite
- ICANN picks its first ever Supreme Court
- Lebanon’s ccTLD going back to Lebanon after ICANN takeover
- ICANN picks the domain it will never, ever release
- ICANN approves domain takedown rules
- Has Epik gone “woke”?
- First bits of new gTLD Applicant Guidebook expected next week
- ICANN bans closed generics for the foreseeable
- You can’t use money to buy .box domains
- After 14 years, ICANN practices what it preaches on IDNs
- Weak demand for private Whois data, ICANN data shows
- .ing doing way better than .meme
- DNS Women barred from ICANN funding?
- Dev releases free open-source TLD registry platform
- INCO flips a gTLD to Identity Digital
- Anguilla fears the .ai junk drop
- Five more gTLDs get launch dates
- $10 million of ICANN cash up for grabs
- Almost 50,000 .ai domains sold in a quarter
- ICANN threatens to regulate your speech [RANT]
- Life insurance company kills dot-brand
- ICANN finds new home for Lebanon’s TLD after founder’s death
- ICANN begs people to use its new Whois service
- Shiba Inu outs itself as crypto new gTLD applicant
- Over 50,000 .ai domains sold in three months
- Amazon planning new push into registrar market?
- Registries and registrars vote ‘Yes’ to new DNS abuse rules
- ICANN predicts flattish 2025 for domain industry
- Fast-growing Gname buys another 150 registrars
- GoDaddy service to let you block domains in over 650 TLDs
- Did I find a murder weapon in a zone file?
- ICANN drops the “man” from Ombudsman
- Have your say on police domain takedown powers
- Most registrars are shunning ICANN’s new Whois system
- Nominet to take over .gov.uk
- ICANN picks Istanbul for 2024 meeting
- ICANN’s private Whois data request service goes live
- .au regs slide on 2LD anniversary
- ICANN accused of power grab over $271 million auction fund
- A registrar is getting blamed for an Israeli war propaganda site
- Two more dot-brands bite the dust
- Google sells five-figure AI domain and six-figure .ing hack
- .blackfriday is still a bit rubbish
- Internet Naming Co acquires five more gTLDs
NetSol to alert cops over domain hijacking
Network Solutions intends to “notify the proper authorities” after a high-profile customer had his account hijacked over the weekend.
Stephen Toulouse, head of policy and enforcement for Microsoft’s Xbox LIVE, lost access to stepto.com, including his web site and email, for several hours yesterday, after a disgruntled teenaged gamer persuaded a member of NetSol’s support staff to hand over the account.
In a statement published on its blog, the domain name registrar said it was an “isolated incident directed at a specific customer account”, adding:
We maintain a well developed processes to ensure that Social Engineering attempts or any identified security concerns are immediately alerted to a Supervisor, who will expedite the investigation, usually with the help of the Network Solutions Security team. In this case, the procedure was not followed, and we apologize for any trouble caused to our customer.
Our Security team continues to investigate this matter. Additionally, because we take this matter very seriously, we intend to notify the proper authorities with the evidence that we have gathered, so that they may investigate the person(s) responsible for the fraud.
According to a new YouTube video released by the person claiming responsibility for the attack, “Predator”, he’s 15. He blamed Toulouse for his frequent Xbox LIVE bannings.
While he said he perpetrated the attack to highlight insecurities in Xbox LIVE, he also offered to hijack other gamers’ accounts for up to $250.
Comments posted in response to his first post-attack video claim to reveal his true identity, but of course comments on YouTube are not what you’d call reliable evidence.
The video itself does reveal a fair bit of information, however, so I can’t imagine tracking him down will be too difficult, especially if Microsoft has his parents’ credit card number on file.
His YouTube channel also has videos of him operating a botnet. That’s a whole lot more serious.
Xbox security chief gets domain hijacked
The head of Xbox Live policy and enforcement at Microsoft has had his domain name compromised by a disgruntled gamer using a social engineering attack on Network Solutions
Stephen Toulouse, who goes by the screen name “Stepto” and has the domain stepto.com, seems to have also lost his email, hosting and, as a result, his Xbox Live account.
He tweeted earlier today: “Sigh. please be warned. Network solutions has apparently transferred control of Stepto.com to an attacker and will not let me recover it.”
Somebody claiming to be the attacker has uploaded a video to YouTube showing him clicking around Toulouse’s Xbox account, whilst breathlessly describing how he “socialed his hosting company”.
It’s a bit embarrassing for Toulouse. He was head of communications for Microsoft Security Response Center for many years, handling comms during worm outbreaks such as Blaster and Slammer.
Now at Xbox Live, he is, as the attacker put it, “the guy who’s supposed to be keeping us safe”.
But it’s probably going to be much more embarrassing for Network Solutions. When the tech press gets on the story tomorrow, difficult questions about NSI’s security procedures will no doubt be asked.
Toulouse has already made a few pointed remarks about the company on his Twitter feed today.
Social engineering attacks against domain name registrars exploit human, rather than technological, vulnerabilities, involving calling up tech support and trying to convince them you are your victim.
In this case, hijacking the domain seems to have been a means to control Toulouse’s email account, enabling the attacker to reset his Xbox Live password and take over his “gamer tag”.
The same technique was used to compromise the Chinese portal Baidu.com, that time via Register.com, in late 2009. That resulted in a lawsuit, now settled.
The attacker, calling himself Predator, was apparently annoyed that Toulouse had “console banned” him 35 times, whatever that means.
He seems to have left a fair bit of evidence in his wake, and he appears to be North American, so I expect he’ll be quite easy to track down.
Predator’s video, which shows the immediate aftermath of the attack, is embedded below. It may not be entirely safe for work, due to some casually racist language.
UPDATE (April 5): The video has been removed due to a “violation of YouTube’s policy on depiction of harmful activities”. I snagged a copy before it went, so if anybody is desperate to see it, let me know.
Network Solutions will sell .xxx domains
Network Solutions has become the first big-name registrar to show that it will support the proposed .xxx top-level domain.
This page has recently appeared on the NSI site, accessible from the company’s home page through the link “.xxx Coming Soon”.
NSI appears confident that ICANN will approve the TLD soon:
.XXX will be launching shortly and Network Solutions is working with ICM Registry to provide informational services for our customers that wish to take advantage of the launch and register domain names.
The TLD is currently being tied up by ICANN’s Governmental Advisory Committee, but many believe it’s likely to be a shoo-in at the San Francisco meeting in March or sooner.
Go Daddy-Google group targets bogus pill merchants
The newly forming industry body tasked with taking down web sites selling fake pharmaceuticals plans to meet next month to develop its mission statement and charter, according to Go Daddy general counsel Christine Jones.
Jones said in an interview tonight that the group, which Go Daddy is jointly “spearheading” with Google, is likely to meet in Phoenix, Arizona in the third week of January.
As I blogged earlier today, the organization was formed following a series of meetings at the White House, which has a policy of reducing counterfeit drugs sales online.
Domain name companies including Go Daddy, eNom, Neustar and Network Solutions are joined in the currently nameless non-profit by the three major search engines and all the major payment processors.
Jones confirmed that redirecting a domain name is an action a participating registrar could take if it finds an infringing site. Go Daddy and others already do this in cases of child porn, for example.
But the group will also share information about fake pharma sites so Google, for example, would also be able to block them from search and Visa could stop payments being processed, Jones told me.
The White House meetings were organized by Victoria Espinel, the administration’s Intellectual Property Enforcement Coordinator (IPEC).
So, while the group has yet to formalize its policies, I wanted to know what the prevailing opinion is on how “illegal” a site will have to be before the group will try to take it down.
Taking down a site selling sugar pills or industrial acid as HIV treatments is one thing, killing a site selling genuine medications to people without prescriptions is another, and blocking a legit pharmacy that sells drugs to Americans with prescriptions more cheaply from across the Canadian border is yet another.
Jones said: “If a pharmacy is a licensed pharmacy and is abiding by whatever the state rules are wherever they’re located, that’s not our target.”
Apparently the new organization, which will be formed as a non-profit entity, may help the companies to avoid running afoul of ECPA, the US Electronic Communications Privacy Act.
Jones said that other companies participating in the White House meetings still have not decided whether to join the new group or not. End-of-year budgetary issues may be a factor here.
Domain registrars have come in for considerable flak over 2010 for allegedly not doing enough to counter fake pharma sites.
A Knujon report published in May, and others, eventually led to eNom in particular promising to crack down harder on rogue pharmacies.
Go Daddy proposes fake pharma site shutdown body
A cross-industry body that will make it easier for web sites selling fake drugs to be shut down is forming in the US, led by Google and Go Daddy.
The idea for the currently nameless organization was announced yesterday following a series of meetings between the internet industry and White House officials.
The group will “start taking voluntary action against illegal Internet pharmacies” which will include stopping payment processing and shutting down web sites.
The domain name business is represented by the three biggest US registrars – Go Daddy, eNom and Network Solutions – as well as Neustar (.biz, .us, etc) on the registry side.
Surprisingly, VeriSign (.com) does not appear to be involved currently.
Other members include the major credit card companies – American Express, Visa and Mastercard – as well as PayPal and search engines Google, Microsoft and Yahoo.
According to a statement provided by Neustar:
GoDaddy and Google took the lead on proposing the formation of a private sector 501(c)(3) non-profit organization that would be dedicated to promoting information sharing, education, and more efficient law enforcement of rogue internet pharmacies.
It’s early days, so there are no specifics as yet as to how the organization will function, such as under what circumstances it will take down sites.
There’s no specific mention of domain names being turned off or seized, although reading between the lines that may be part of the plan.
There’s substantial debate in the US as to what kinds of pharmaceuticals sites constitute a risk to health and consumer protection.
While many sites do sell worthless or potentially harmful medications, others are overseas companies selling genuine pharma cheaply to Americans, who often pay a stiff premium for their drugs.
The organization will do more than just shut down sites, however.
It also proposes an expansion to white lists of genuine pharmacies such as the National Association of Boards of Pharmacies’ Verified Internet Pharmacy Practice Sites (VIPPS).
And it will promote consumer education about the “dangers” of shopping for drugs online, as well as sharing information to stop the genuine bad guys “forum shopping” for places to host their sites.
This is what the statement says about enforcement:
The organization’s members agree to share information with law enforcement about unlawful Internet pharmacies where appropriate, accept information about Internet pharmacies operating illegally, and take voluntary enforcement action (stop payment, shut down the site, etc.) where appropriate.
While taking down sites that are selling genuinely harmful pills is undoubtedly a Good Thing, I suspect it is unlikely to go down well in that sector of the internet community concerned with the US government’s increasing role in removing content from the internet.
Domain name hijacker gets jail time
A man who hijacked Comcast’s domain name, causing hours of outages for the ISP’s customers, has been sentenced to four months in jail.
James Black, who went by the handle “Defiant”, will also have to serve 150 hours of community service, three years of supervised release, and pay Comcast $128,557 in restitution.
Assistant United States Attorney Kathryn Warma told the court:
Mr. Black and his Kryogenicks crew created risks to all of these millions of e-mail customers for the simple sake of boosting their own childish egos.
The attack took place over two years ago. Kryogenicks reportedly used a combination of social engineering and technical tricks to take over Comcast’s account at Network Solutions.
During the period of the hijacking, comcast.net redirected to the hacker’s page of choice. All Comcast webmail was unavailable for at least five hours.
VeriSign poised to sell SSL business to Symantec
Reliable news sources including the Wall Street Journal and Reuters are reporting that VeriSign is on the verge of offloading its market-leading SSL certificate business to Symantec for over $1 billion.
The sale would be the latest in a series of spin-offs that started in 2007, highlighting the company’s renewed focus on domain names.
VeriSign spent many years acquiring a bunch of companies in tenuously related markets – deals that never really made any sense to me – and the last few years selling them off again.
But SSL is not really in the same category as VeriSign’s bizarre forays into, for example, the Crazy Frog ringtone company. It’s the business the company was founded on when it was spun out of RSA Security 15 years ago.
It’s called VeriSign for a reason.
But offloading the SSL business would make sense. One of the reasons VeriSign bought Network Solutions ten years ago was the obvious retail synergies between domain names and SSL certificates – customers could buy both at the same time.
That synergy was diluted when VeriSign spun the NSI registrar business out as a separate company three years later, creating the vertically separated domain name market we know today.
Symantec, with its fingers in the enterprise and home/small business pies, might be able to make a better crack at the SSL game.
So is this bad news for SSL’s current silver medal holder, Go Daddy?
Possibly. Symantec is a force to be reckoned with – only marketing prowess could explain why so many people use Norton.
Of course, these news stories could be nonsense.
But my guts say they’re probably based on the same kind of leaks that companies often float to the press, to see what the markets do, when they’re in the final stages of negotiations.
China connection to Go Daddy WordPress attacks
Go Daddy’s hosting customers are under attack again, and this time it looks like it’s more serious.
Reports are surfacing that WordPress sites hosted at Go Daddy, and possibly also Joomla and plain PHP pages there, are being hacked to add drive-by malware downloads to them.
Go Daddy has acknowledged the attacks, blaming outdated WordPress installations and weak FTP passwords, and has put up a page with instructions for cleaning the infection.
Last week, I was told that the first round of attacks was very limited. Today, the attackers seem to have stepped it up a notch.
As a result, Go Daddy could find itself in a similar situation to Network Solutions, which had a couple of thousand customer sites hacked a few weeks back.
The attacks appear to be linked to a well-known crime gang with a Chinese connection.
According to Sucuri, when a Go Daddy-hosted WordPress page is hacked, JavaScript is injected that attempts to redirect surfers to a drive-by attack from the domain kdjkfjskdfjlskdjf.com (don’t go there).
This domain was registered with BizCN.com, an ICANN-accredited Chinese registrar, but its name servers appear to have been created purely for the attack.
The registrant’s email address is hilarykneber@yahoo.com. This connects the attack to the “Kneber” botnet, a successful criminal enterprise that has been operating since at least December 2009.
A Netwitness study revealed the network comprised at least 74,000 hacked computers, and that the bulk of Kneber’s command and control infrastructure is based in China.
Since Kneber is known to be operated by a financially motivated gang, and it’s by no means certain that they’re Chinese, it’s probably inaccurate to suggest there’s something political going on.
However, I will note that Go Daddy was quite vocal about its withdrawal from the .cn Chinese domain name registration market.
Network Solutions, while it was quieter, also stopped selling .cn domains around the same time as the Chinese government started enforcing strict registrant ID rules last December.
Go Daddy plays down “massive” attack claim
Malicious hackers have compromised a number of WordPress installations running on Go Daddy hosting, but the company claims very few customers were affected.
Slashdot carried a story a few hours ago, linking to a blog claiming a “massive” breach of security at the domain name registrar.
(EDIT: as noted in the comments, this blog may itself have been hacked, so I’ve removed the link. You can find it in the comments if you want to take the risk.)
But Go Daddy says the problem is not as widespread as it sounds.
“We received reports from a handful of Go Daddy customers using WordPress their websites were impacted by the script in question,” Go Daddy security chief Todd Redfoot said in a statement.
“We immediately opened an investigation into what happened, how it was done and how many sites were affected,” he said. “The investigation is currently ongoing.”
The attack is certainly not ubiquitous. I host a number of WordPress sites with Go Daddy, including this one, and they all appear to be working fine today.
And a Twitter search reveals no references to an attack today prior to the Slashdot post, apart from the blog it was based on.
That doesn’t prove anything, but when Network Solutions’ WordPress hosting was breached last week there was a lot more tweet noise. That attack had thousands of victims.
For those interested in the details of the attack, this WordPress security blog appears to be the best place to get the nitty-gritty.
.co enters pricey global sunrise
Trademark holders can from today apply for their brands as .co domain names, even if they do not do business in Colombia.
The second stage of .CO Internet’s sunrise period allows owners of non-Colombian trademarks to apply for their domains through one of 10 chosen launch registrars.
Prices vary from $225 with OpenSRS to $335 through Dotster, with most deals comprising non-refundable application fees plus first-year registration. Go Daddy is charging $299.99 and Network Solutions is charging $279.99.
With the possible exception of .xxx, I’ve got a suspicion that this could be one of the last “generic” TLD launches with such expensive sunrise periods.
It’s quite possible there could be pricing pressure if ICANN quickly approves a few hundred new gTLDs next year. If each charges ~$300 for a pre-launch, it could cause some some registrants to rethink their defensive registration strategies.
The .co sunrise ends June 10. General availability begins July 20.
Recent Comments